CVE-2021-35030
published 2021-07-26CVE-2021-35030: A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an…
medium4.3CVSS 3.1
AVAACLPRHUIRSCCLILAN
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | gs1900-10hp_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-16_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-24_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-24e_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-24ep_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-24hp_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-24hpv2_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-48_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-48hp_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-48hpv2_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-8_firmware | < 2.70 | 2.70 |
| zyxel | gs1900-8_firmware | — | — |
| zyxel | gs1900-8hp_firmware | < 2.70 | 2.70 |